Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2553
Views
10
Helpful
4
Replies

FirePower FMC Audit logs are not showing policy changes

Go to solution
meidanmeshulam
Level 1
Level 1

‎02-28-2021 01:45 AM - edited ‎02-28-2021 01:54 AM

Hi all !

I'm capturing Audit logs from FMC using tcpdump, but unfortunately I do not see any access policy changes in the logs : \

I do get other logs like saving the configs etc, but when I edit the policy and add/remove/edit a rule , I get nothing on the logs.
I tried to play with it but still nothing works.

 

Shouldn't I see these changes in the logs ?

Thanks a lot !

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Oliver Kaiser
Level 7
Level 7

‎02-28-2021 10:29 AM

As of Firepower 6.7 the export of audit logs (via syslog) does not include the changes that are being made to the accesspolicy, the information is only available via FMC UI (see balaji.bandi's response). There is a feature request to enhance audit logs, but I am not aware of any commited release for those enhancements.

 

Hope that helps (or atleast clarifies the status quo)

View solution in original post

Go to solution
Oliver Kaiser
Level 7
Level 7
In response to meidanmeshulam

‎03-02-2021 01:01 AM

There is an open enhancement request that is similar to what you would want from FMC: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp25425 - I've heard the same requirement from many customers since Firepower 6.0 that need detailed change logs for compliance reporting, but as of now there has been no release that would implement what you are looking for.

 

I would recommend opening a support case to get an enhancement request filed with Cisco, that way chances will increase that the functionality that you need will be implemented sooner.

 

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Oliver Kaiser
Level 7
Level 7

‎02-28-2021 10:29 AM

As of Firepower 6.7 the export of audit logs (via syslog) does not include the changes that are being made to the accesspolicy, the information is only available via FMC UI (see balaji.bandi's response). There is a feature request to enhance audit logs, but I am not aware of any commited release for those enhancements.

 

Hope that helps (or atleast clarifies the status quo)

Go to solution
meidanmeshulam
Level 1
Level 1
In response to Oliver Kaiser

‎03-01-2021 12:00 AM - edited ‎03-01-2021 12:16 AM

@Oliver Kaiser 
Thanks for the replay : ]

 

You mentioned "as of 6.7" , do you know what's going on prior 6.7 ? policy changes will be exported to the remote syslog server ?

 


Thanks !

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7
In response to meidanmeshulam

‎03-02-2021 01:01 AM

There is an open enhancement request that is similar to what you would want from FMC: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp25425 - I've heard the same requirement from many customers since Firepower 6.0 that need detailed change logs for compliance reporting, but as of now there has been no release that would implement what you are looking for.

 

I would recommend opening a support case to get an enhancement request filed with Cisco, that way chances will increase that the functionality that you need will be implemented sooner.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card